I guess I should have specified that in our case, the Run As Administrator attempts are being initiated with different credentials (same domain) than the currently logged on user. So this answer makes sense in some cases, but when specifying different user credentials, the current authentication token wouldn't be valid so the process would have to go back to the DC to validate the new credentials, right?
↧